PSA Certified Level 1

Critical security questions for chip vendors, OS providers and OEMs

PSA Certified Level 1 is a set of critical security questions that the developer should answer and review with a test laboratory. It has been designed in a composite style with three separate sections for: chip vendors, OS suppliers and OEMs. Level 1 derives its questions from the PSA Security Model goals and a library of IoT threat models. When filled out it provides an evidence base that foundational security goals have been met. Since many attacks exploit basic vulnerabilities in a device achieving Level 1 is an important step in improving IoT security. To help you get started the Level 1 questionnaire is ready to download on the resources page.

The questions require written responses as evidence of how the chip, operating system or device meet the security requirements. Questions can have a response of “not applicable” or “partial” as well as yes, allowing for corner cases to be covered. For example, a disposable IoT device might not require update functionality and therefore not applicable “N/A” might be selected with a written rationale.

Level 1 is at the scope of device or platform SoC. It aims to catch common security issues through an assessment of security functions. The design of the questionnaire enables chip vendors, OS companies and device makers to download the questionnaire, fill it in and then contact a participating PSA Certified test lab for an interview style assessment. It is anticipated that this will take less than one day.

Example question and response for a chip vendor

The PSA Security Model describes ten goals of a secure system. If the test lab assesses that the written answers and interview are satisfactory (meet a required threshold) a Digital Certificate will be published on this website with a unique reference number. It is recommended that the digital certificate number is used in the chips entity attestation token as its “HW version” claim.

PSA Certified Level 1 – Getting started

PSA Certified Level 1 uses a questionnaire with critical security questions. It has individual sections for the chip vendor, RTOS vendor and OEM. Fill it in for your chip, OS or product and take it to a test lab who is part of this program. You can find a list of participating test labs here.

The test lab you have selected will discuss your answers and evidence in an interview style assessment. If the test lab considers the completed questionnaire and interview to be a “pass” they will provide it to a scheme moderator to perform some double checks and then your product will be given a unique reference by the lab and a digital certificate added on this website.

Related Links

The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo and any other Arm trademarks featured on this website
are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands
and names mentioned on this website may be the trademarks of their respective owners.
See here for more information about Arm's trademarks.

Important Information for the PSA Certified website. This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work. Find out more.